Am Freitag, den 26.01.2018, 16:25 +0100 schrieb Reindl Harald: > > if you use distribution packages you are supposed to wait for a > update > from the distribution or learn to proper package at your own > > i heard that's not that easy as on Redhat systems because you don't > have > everything in a .src.rpm and just need to replace the tarball after > unpack the src.rpm and edit the version in the spec file but again:
That's not right. Building a 0.99.3 deb package based on the current 0.99.2 deb source package are just a few shell commands, e.g.: 0. set up an build environment e.g. on a fresh box: aptitude install dpkg-dev devscripts equivs quilt export QUILT_PATCHES=debian/patches 1. get the current 0.99.2 clamav src package, e.g. for 14.04 TLS from https://packages.ubuntu.com/source/trusty/clamav wget http://archive.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.99.2+ addedllvm-0ubuntu0.14.04.2.dsc wget http://archive.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.99.2+ addedllvm.orig.tar.xz wget http://archive.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.99.2+ addedllvm-0ubuntu0.14.04.2.debian.tar.gz 2. unpack the source package dpkg-source -x clamav_0.99.2+addedllvm-0ubuntu0.14.04.2.dsc 3. download the new original 0.99.3 clamav source http://www.clamav.net/downloads/production/clamav-0.99.3.tar.gz 4. upgrade the old 0.99.2 deb source package cd clamav-0.99.2+addedllvm uupdate -v 0.99.3 ../clamav-0.99.3.tar.gz 5. enter the new 0.99.3 deb source package dir cd ../clamav-0.99.3 6. remove old patches from ./debian/patches dir which are not longer needed. In this case (to my mind) on 14.04 LTS CVE-2017-6418 and CVE-2017-6420 are already patched in 0.99.3. Unsure about CVE-2017-6419 (didn't find it in the README); I removed it, because 0.99.3 original source doesn't come up with this patch. May be someone knows better. quilt pop -a quilt delete -r CVE-2017-6418 quilt delete -r CVE-2017-6419 quilt delete -r CVE-2017-6420 quilt delete -r CVE-2017-6420-2 7. maintenance debian/changelog and add your suffix, e.g. dch --local ~yoursuffix 8. finally build new deb package dpkg-buildpackage -us -uc That's it. So basically it's replacing the orig tar ball and update changelog too. Ciao Marcus _______________________________________________ clamav-users mailing list [email protected] http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
